
Evil DDoS Attacks and Strong Defenses Group 6: Yisi Lu, YuanTong Lu, Hao Wu, YuChen Liu, Hua Li.


1 Evil DDoS Attacks and Strong Defenses Group 6: Yisi Lu, YuanTong Lu, Hao Wu, YuChen Liu, Hua Li

2 Distributed Large-scale attacks

3 Denial of service Deny the victim's access to a particular resource (service).

4 Volume Based Attacks – the goal of a volume-based attack is to saturate the bandwidth of the attacked site.
Protocol Based Attacks – exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources.
Application Layer Attacks – the goal of these attacks is to crash the web server.

5 Volume Based Attacks

6 --> UDP floods
--> ICMP floods
--> Other spoofed-packet floods

7 Classification of UDP traffic for DDoS detection. Alexandru G. Bardas, Loai Zomlot, Sathya Chandran Sundaramurthy, Xinming Ou, S. Raj Rajagopalan, Marc R. Eisenbarth. Published in: Proceedings of LEET'12, the 5th USENIX conference on Large-Scale Exploits and Emergent Threats, Pages 7-7, USENIX Association, Berkeley, CA, USA, ©2012.

8 Basic points of the article
(1) Examine the "proportional packet rate" assumption; test it on a large number of production networks.
(2) An algorithm for UDP traffic that aims at differentiating benign and flooding UDP flows based on that assumption.
(3) Two operation modes for using the algorithm to thwart UDP-based DDoS flooding.

9 Background information
-> UDP is a stateless, simple protocol
-> UDP floods: easy to launch but hard to detect
-> Existing DoS sensor and prevention mechanisms are either ineffective or non-applicable

10 -> Assumption: under normal operations, the packet rate in one direction is proportional to the packet rate in the opposite direction
-> Algorithm: put into a NACK-queue rather than a waiting queue.

11 Experiments
i. Validating the assumption
ii. Ratio function for UDP attack traffic
iii. Performance, accuracy, calibration

12 Summary of this article: Since a UDP flooding attack is a kind of volume-based attack, we should analyze the packet flow to determine whether it is benign or a DDoS attack. The paper gives a possible mechanism to detect and evaluate the flow, and it gives possible protections against a detected DDoS attack.
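The proportional-packet-rate check behind the algorithm in slides 8–12, as an added example (not the paper's own implementation): packets of a constructed UDP sample are counted per flow in each direction and a flow whose direction ratio departs far from proportional is labelled a flood. The ratio threshold, the minimum packet count and the allow-list for known one-way services are assumed parameters, not values from the paper.

```python
from collections import defaultdict

# Constructed UDP packet sample (not real traffic): (src_ip, src_port, dst_ip, dst_port).
SAMPLE_PACKETS = (
    [("10.0.0.5", 53000, "192.0.2.53", 53)] * 60         # DNS queries ...
    + [("192.0.2.53", 53, "10.0.0.5", 53000)] * 58       # ... and their answers: roughly 1:1
    + [("203.0.113.9", 40000, "10.0.0.80", 5060)] * 500  # flood-like: hundreds of packets in ...
    + [("10.0.0.80", 5060, "203.0.113.9", 40000)] * 2    # ... one direction, almost nothing back
    + [("10.0.0.7", 5004, "198.51.100.2", 5004)] * 300   # legitimate one-way media stream
)

def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Order-independent flow key so both directions of a flow share one counter."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (a, b) if a <= b else (b, a)

def count_directions(packets):
    """Map each flow key to [packets a->b, packets b->a]."""
    counts = defaultdict(lambda: [0, 0])
    for src_ip, src_port, dst_ip, dst_port in packets:
        key = flow_key(src_ip, src_port, dst_ip, dst_port)
        counts[key][0 if key[0] == (src_ip, src_port) else 1] += 1
    return counts

def classify(counts, max_ratio=10.0, min_packets=50, one_way_ports=frozenset()):
    """Label each flow 'benign' or 'flood' by how far its direction ratio departs from proportional.

    Flows with too few packets are not judged. Ports in one_way_ports (an assumed allow-list for
    services that are legitimately unidirectional, such as streaming media) are skipped, because
    a pure ratio test would otherwise flag them as floods.
    """
    verdicts = {}
    for key, (a_to_b, b_to_a) in counts.items():
        if a_to_b + b_to_a < min_packets or key[0][1] in one_way_ports or key[1][1] in one_way_ports:
            verdicts[key] = "benign"
            continue
        low, high = sorted((a_to_b, b_to_a))
        ratio = high / max(low, 1)   # max(low, 1) keeps a zero reverse count from dividing by zero
        verdicts[key] = "flood" if ratio > max_ratio else "benign"
    return verdicts

if __name__ == "__main__":
    for key, verdict in classify(count_directions(SAMPLE_PACKETS), one_way_ports={5004}).items():
        print(key, verdict)
```

Without the allow-list the one-way media stream is flagged too, which is the false-positive case a deployment has to calibrate for.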

13 Protocol Based Attacks

14 Protocol based DDoS
Definition: This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in packets per second.
Two popular protocol based DDoS attacks: Ping of Death, SYN Flood

15 Ping of Death
Definition: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. On reassembly, many computer systems could not handle a ping packet larger than 65535 bytes; larger packets could crash the target computer.

16 SYN Floods

17 Attack:
1. Send a large number of TCP open requests.
2. The OS allocates resources to track the TCP state.
3. Since the sender's IP is forged, the returning ACK never comes back.
4. By continuing to send these requests, the attacker can exhaust the resources on the server machine.

18 SYN Floods Defense: SYN caches, SYN cookies
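How SYN cookies remove step 2 of the attack, as an added example (not the deck's or any kernel's code): the server encodes a counter, an MSS index and a keyed hash of the connection 4-tuple into the ISN of its SYN-ACK and keeps no state; only an ACK that carries a fresh, valid cookie makes it allocate a connection. The bit layout, MSS table, tick period and secret are assumptions of this simplified variant.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed; a real implementation uses random, rotated secrets
MSS_TABLE = (536, 1300, 1440, 1460)   # assumed table: the client's MSS is rounded down to one of these
TICK_SECONDS = 64                     # assumed counter period
MAX_AGE_TICKS = 2                     # cookies older than this are refused

def _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, tick):
    """24-bit keyed hash binding the cookie to the 4-tuple, the client's ISN and the tick."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{tick}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 5-bit tick | 3-bit MSS index | 24-bit MAC. No state is stored."""
    tick = (int(now) // TICK_SECONDS) & 0x1F
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return (tick << 27) | (mss_idx << 24) | _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, tick)

def verify_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, ack_num, now):
    """Check the ACK that completes the handshake; return the encoded MSS if valid, else None.

    The client's ACK acknowledges our ISN + 1, so the cookie is ack_num - 1. Only a fresh cookie
    whose MAC recomputes for this 4-tuple and client ISN is accepted; everything else is dropped
    without having cost the server any connection state.
    """
    cookie = (ack_num - 1) & 0xFFFFFFFF
    tick, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    age = (((int(now) // TICK_SECONDS) & 0x1F) - tick) & 0x1F   # modular difference survives counter wrap
    if age > MAX_AGE_TICKS or mss_idx >= len(MSS_TABLE):
        return None
    expected = _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, tick)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]

if __name__ == "__main__":
    isn = make_cookie("198.51.100.7", 44123, "10.0.0.80", 443, 123456, 1460, 100000)
    print("SYN-ACK ISN:", hex(isn))
    print("valid ACK ->", verify_cookie("198.51.100.7", 44123, "10.0.0.80", 443, 123456, isn + 1, 100030))
```

The price of statelessness is visible in the code: only a handful of MSS values can be encoded, and a cookie outlives its window by at most MAX_AGE_TICKS ticks, so a client that answers too slowly is refused.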

19 Application Layer Attacks

20 Application layer DDoS attack
Comprised of seemingly legitimate and innocent requests
Crash the web server
Delay the response time or even block the service

21 Application layer DDoS attack: Difference
Other-layer attack – Target: network bandwidth around Internet subsystems such as routers, Domain Name Servers, or web clusters.
App-layer attack – Target: high-level protocols such as HTTP. Uses legitimate lower-level packets. Harder to monitor and mitigate (more complicated and diverse).

22 Application layer DDoS attack: Types
Request-flooding – many requests in an HTTP session
Session-flooding – many sessions are set up by a client
Asymmetric – each request is very time-consuming

23 Application layer DDoS attack: Defense
Determine suspicious sessions/clients from previously collected data
Least suspicion first served, high suspicion blocked
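The defense on this slide in working form, as an added example (not the deck's code): a suspicion score per client is derived from a constructed request history (request volume for request/session flooding, mean server cost for asymmetric requests), then incoming requests are served least suspicious first and clients above a threshold are refused. The baselines, threshold and score formula are assumptions.

```python
import heapq
from collections import defaultdict

# Constructed history of already-served requests (not real logs): (client_id, path, server_ms).
# server_ms is the time the server spent on the request: slow requests are the "asymmetric"
# pattern, many requests from one client the "request-flooding" pattern.
HISTORY = (
    [("c1", "/", 5)] * 20                  # ordinary browsing
    + [("c2", "/search?q=*", 400)] * 200   # one client, many expensive searches
    + [("c3", "/", 3)] * 3                 # light user
)

def suspicion(history, baseline_requests=30, baseline_ms=50):
    """Score each client from previously collected data: request count relative to an assumed
    baseline plus mean per-request cost relative to an assumed baseline. About 1.0 is 'normal'."""
    count, cost = defaultdict(int), defaultdict(int)
    for client, _path, ms in history:
        count[client] += 1
        cost[client] += ms
    return {c: count[c] / baseline_requests + (cost[c] / count[c]) / baseline_ms for c in count}

def schedule(requests, scores, block_score=5.0, unknown_score=1.0):
    """Least suspicion first served, high suspicion blocked.

    Returns (served, blocked). Clients with no history get unknown_score, so they queue behind
    clients with a good record but are not refused outright.
    """
    heap, blocked = [], []
    for seq, (client, path) in enumerate(requests):
        score = scores.get(client, unknown_score)
        if score > block_score:
            blocked.append((client, path))
            continue
        heapq.heappush(heap, (score, seq, client, path))   # seq keeps arrival order among equal scores
    served = []
    while heap:
        _score, _seq, client, path = heapq.heappop(heap)
        served.append((client, path))
    return served, blocked

REQUESTS = [("c2", "/search?q=*"), ("c1", "/"), ("c9", "/login"), ("c3", "/")]   # constructed arrival order

if __name__ == "__main__":
    served, blocked = schedule(REQUESTS, suspicion(HISTORY))
    print("served:", served)
    print("blocked:", blocked)
```

Note that the unknown client c9 is served after the two known-good clients even though it arrived earlier: a legitimate but heavy or new user is the one postponed, which is the weakness of this approach.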

24 Our Opinion on application layer DDoS attacks
Complex because it mimics legitimate user requests closely
Involves more human decisions, which are not as normalized as things in lower layers
Solutions lead to some of the time-consuming or impatient user requests being postponed considerably
Still not a solution for the case where a botnet is employed to perform the attack

25 Comparison (columns: Volume-based / Protocol-based / Application Layer; a row with two values spans adjacent columns in the original table)
Request: Bogus / Legitimate
Protocol: UDP, ICMP / TCP, ICMP / HTTP, HTTPS
Connection: Not full / Full
High-bandwidth: Yes / No
Detectable: Yes / Stealthy
Protection: Easy / Hard

26 Q&A

